The likelihood of compromise is a function of the determination of the one trying to compromise your environment and the value/reward for doing so.

This is the same argument I make when someone asks me to place an absolute value on residual risk. The dirty little secret is, you can't.

That said, should *every* variable be correct, you shouldn't be an "easy" target because you're doing the basic due dilligence of attempting to limit access.